The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks.

Catalyst SD-WAN Manager (formerly known as vManage) is a network management software that helps admins monitor and manage up to 6,000 Catalyst SD-WAN devices from a single dashboard.

Cisco patched this information disclosure vulnerability (CVE-2026-20133) in late February, saying that it allows unauthenticated remote attackers to access sensitive information on unpatched devices.

“This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system,” Cisco said at the time. “A successful exploit could allow the attacker to read sensitive information on the underlying operating system.”

One week later, the company revealed that two other security flaws it had patched the same day (CVE-2026-20128 and CVE-2026-20122)were being exploited in the wild.

Federal agencies ordered to patch until Friday

On Monday, CISA added CVE-2026-20133 to its Known Exploited Vulnerabilities (KEV) Catalog, “based on evidence of active exploitation,” and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their networks until Friday, April 24.

“Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices,” CISA said. “Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.”

Cisco has yet to confirm the U.S. cybersecurity agency’s report that the flaw is being exploited in attacks, with its security advisory still saying that its Product Security Incident Response Team (PSIRT) is “not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133.”

In February, Cisco also tagged a critical authentication bypass vulnerability (CVE-2026-20127) as exploited in zero-day attacks that were enabling threat actors to add malicious rogue peers to targeted networks since at least 2023.

More recently, in early March, the company released security updates to address two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that can allow attackers to gain root access to the underlying operating system and execute arbitrary Java code with root privileges.

Over the last several years, CISA has tagged 91 Cisco vulnerabilities as exploited in the wild, six of which have been used by various ransomware operations.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

If desk space is tight but you still want solid performance for everyday work, a mini PC can be a great solution. I’ve found a terrific deal on the Geekom A6, now down to $549 (was $649) at Amazon.

Trimming a healthy amount off the asking price, that $100 discount brings it down to the same price as on the Geekom website but there it comes with a free $69 case.

In our tests, Geekom mini PCs have proved very strong, and in our rave review we found the A6 “packs in an impressive amount of power” and noted, “when it comes to performance it really is a cut above many other mini PCs of this size.” We also praised the “quality of the build and the style of the design which make it one of the best-looking mini PCs out there.”

In fact, our biggest issue was the original price, and this saving solves that.

Today’s top Geekom mini PC deal

Inside the compact aluminum chassis you get an AMD Ryzen 7 6800H processor paired with Radeon 680M graphics.

That delivers the kind of performance creatives and professionals need for editing photos, working with large documents, running multiple apps, or handling everyday production tasks.

For more top picks like this, these are the best mini PCs we’ve tested and reviewed.

Ofcom, the United Kingdom’s independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it’s being used to share child sexual abuse material (CSAM).

The investigation was launched under the UK’s Online Safety Act to examine whether the social media and instant messaging (IM) service is complying with its illegal content safety duties, which require it to prevent CSAM from being shared.

Ofcom says it received evidence regarding the alleged presence and sharing of CSAM on Telegram from the Canadian Centre for Child Protection, and that it had also conducted its own assessment of the platform.

“In light of this, we have decided to open an investigation to examine whether Telegram has failed, or is failing, to comply with its duties in relation to illegal content,” Ofcom said.

However, Telegram denied Offcom’s accusations, saying that it “virtually eliminated the public spread of CSAM” on its platform since 2018.

“We are surprised by this investigation and concerned that it may be part of a broader attack on online platforms that defend freedom of speech and the right to privacy,” Telegram said.

Ofcom has also launched formal investigations into two teen chat sites (Teen Chat and Chat Avenue) over concerns that predators are using them to groom children and to check if the two services are taking all required steps to assess and mitigate these risks.

The UK’s independent online safety watchdog is also probing X under the UK’s Online Safety Act over nonconsensual sexually explicit content generated using the Grok AI chatbot account.

If it identifies compliance failures, Ofcom can impose fines of up to £18 million or 10% of qualifying worldwide revenue (whichever is greater). Additionally, in serious cases of non-compliance, it can request a court order effectively banning the offending platform in the United Kingdom.

“In the most serious cases of non-compliance, and where appropriate given risks of harm to individuals in the UK, we can seek a court order to require third parties to take action to disrupt the business of the provider,” Ofcom noted.

“This may require third parties (such as providers of payment or advertising services, or Internet Service Providers) to withdraw services from, or block access to, a regulated service in the UK.”

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

On Monday, Valsorda finally channeled years’ worth of frustration, fueled by the widely held misunderstanding, into a blog post titled “Quantum Computers Are Not a Threat to 128-bit Symmetric Keys.”

“There’s a common misconception that quantum computers will ‘halve’ the security of symmetric keys, requiring 256-bit keys for 128 bits of security,” he wrote. “That is not an accurate interpretation of the speedup offered by quantum algorithms, it’s not reflected in any compliance mandate, and risks diverting energy and attention from actually necessary post-quantum transition work.”

That’s the easy part of the argument. The much harder part is the math and physics that explain it. At its highest level, it comes down to a fundamental difference in the way a brute-force search works on classical computers versus the way it works using Grover’s algorithm. Classical computers can perform multiple searches simultaneously, a capability that allows large tasks to be broken into smaller pieces to complete the overall job faster. Grover’s algorithm, by contrast, requires a long-running serial computation, where each search is done one at a time.

“What makes Grover special is that as you parallelize it, its advantage over non-quantum algorithms gets smaller,” Valsorda said in an interview. He continued:

Imagine it with small numbers, let’s say there are 256 possible combinations to a lock, A normal attack would take 256 tries. You decide it’s too long, so you get three friends and you each do 64 tries. “That’s the classical parallelization. With Grover you could in theory do √256)=16 tries in a row, but if that’s still too long and you again look for help from three friends. Each has to do √256/4)=8 tries.

So in total you do 8*4=32 tries, which is more than the 16 you would have done alone! Asking for help to parallelize the attack made the attack slower overall. Which is not the case for classical attacks.

Of course the numbers are way larger, but if we apply any reasonable constraint on the attacker (like having to finish a run in 10 years), the total work becomes so much more than 2⁶⁴.

Also, 2⁶⁴ was never the right number, because that pretends you can do AES as a single operation on a single qubit. This is somewhat orthogonal. The combination of these two observations turn the actual cost into 2¹⁰⁴ give or take, which is well beyond the threshold for security.

Sophie Schmieg, a senior cryptography engineer at Google, explained it this way:

Looking at enterprise AI adoption, VentureBeat has anecdotally observed a fairly wide divergence when it comes to specific roles: For those who build—engineers and developers—the arrival of AI has been transformative, moving through the workflow with the speed of tools like Claude Code and Cursor to automate the heavy lifting of syntax and architecture.

Yet, for those who sell, the “revenue stack” has remained a fragmented collection of data silos, manual CRM entries, and anecdotal reporting.

Von, a new AI platform emerging from the team behind process automation startup Rattle, aims to bridge this gap. By positioning itself not as another “point solution” but as a foundational “intelligence layer,” Von seeks to do for Go-To-Market (GTM) teams what the modern IDE has done for the developer: provide a single, reasoning interface that understands the entire business context.

“AI has revolutionized the workflow for people who build things, but there is nothing that has revolutionized the workflow for people who sell those things,” Von CEO Sahil Aggarwal said in a recent video call interview with VentureBeat. “That is what we are trying to build with Von”.

Technology: The context graph and multi-model engine

At the core of Von’s capability is a departure from the traditional “search bar” approach to enterprise AI. While standard LLMs often struggle with the sprawling, unstructured nature of sales data, Von begins its deployment by building a “context graph” of a company’s entire business.

This process involves ingesting structured data from CRMs like Salesforce and HubSpot, alongside unstructured data from call recorders (Gong, Zoom, Chorus), email threads, and internal documentation.

“Once Von builds this context graph, it will understand your business better than anyone else in the company,” Aggarwal said.

This understanding is rooted in a company’s specific “ontology”—the unique language of its deal stages, territory definitions, and institutional knowledge.

“We train these foundational models on a company’s own business and ontology to make the model work for them,” the CEO addded.

Instead of relying on a single large language model, Von utilizes a “mixture of models” strategy to optimize performance and cost. In this architecture, Anthropic’s Claude is deployed for high-level reasoning and “thinking,” ChatGPT handles bulk data processing, and Google’s Gemini is utilized for generating creative assets such as decks and reports.

This technical approach allows Von to resolve a common frustration in Sales Operations: the gap between what is logged in a CRM and what actually happened in a meeting. By cross-referencing call transcripts with Salesforce records, the system can identify discrepancies in “lost reasons” or verify deal health based on sentiment rather than just a rep’s manual update.

From reporting queues to AI headcount

Von is designed to function as an “AI Data Scientist” or a “VP of RevOps” that lives on top of the enterprise’s existing revenue tracking tools.

During an initial product demonstration, Aggarwal showed how the platform could analyze 101 SMB accounts to identify churn risk in just over three minutes—a task he estimates would take a human analyst one to two weeks.

The platform’s primary interface resembles a chat environment, but the outputs are designed to be actionable revenue assets. Key functionalities include:

• Deal Health Monitoring: Cross-referencing calls and emails to surface “risky” commits that might otherwise go unnoticed until the end of a quarter.

• Automated Briefing: Generating pre-call context docs that draw from the entire history of an account, ensuring reps are briefed on every previous touchpoint.

• Win/Loss Analysis: Clustered analysis of transcripts to find the “true” reasons for lost deals, often finding that the recorded reason in the CRM does not match the customer’s actual feedback.

• Revenue Operations Automation: Handling “low-level” Salesforce admin tasks, such as creating flows, validation rules, or cleaning up account territories.

The goal is to shift Revenue Operations (RevOps) from a “reporting queue” that handles ad-hoc data requests into an infrastructure layer.

As Kieran Snaith, SVP of Revenue Operations at Qualified, noted in a Von testimonial blog post, the goal is to allow leaders to “run the business in chat,” asking complex questions about forecast confidence or pipeline risk and receiving data-backed answers instantly.

Pivoting into ‘the next Salesforce’

Von is operated by Rattle Software Inc., a company that previously found success with “Rattle,” a mid-seven-figure revenue business focused on Salesforce-Slack integrations. Aggarwal describes Von as a significant pivot toward a larger opportunity, aiming to build “the next Salesforce”.

The business has seen rapid early traction, reportedly crossing $500,000 in revenue within its first eight weeks of launch, with projections to reach $10 million in its first year.

The product is governed by a commercial, proprietary license typical of enterprise SaaS. Unlike open-source tools, Von’s “restricted” license means the underlying source code and the “context graph” technology are proprietary to Rattle Software Inc.. Users are granted a non-transferable, non-exclusive right to use the software for internal business purposes, with the company maintaining all rights, title, and interest in the service.

This philosophy of deep integration extends to the broader SaaS ecosystem, where Aggarwal observes, “Point solutions in SaaS are essentially dead. They will have a very hard time surviving in this world, because point solutions can now be white-coded within a company.”

Pricing follows a hybrid model of per-seat subscriptions and consumption-based credits. This structure is designed to scale with the persona using the tool; for instance, a Chief Revenue Officer (CRO) seat may cost $1,000 per month for deep strategic analysis, while individual seller seats may be as low as $20 per month for basic research and follow-up tasks.

The company is currently backed by several tier-one venture capital firms, including Sequoia Capital, Lightspeed, Insight Partners, and GV (Google Ventures).

Early adopter reaction

The reaction from early adopters highlights a shift in how AI is being integrated into the sales org.

Taylor Kelly, Head of Revenue Operations at Tapcart, remarked that “Von handles the analysis and insights that would normally require hiring another full-time analyst,” specifically citing its ability to handle complex Salesforce configurations and deal risk assessments.

Similarly, Evan Briere, VP of Partnerships at DemandScience, noted that Von’s direct connection to data sources makes it “actually applicable” compared to more “theoretical” horizontal AI tools like ChatGPT.

Other community feedback from the platform’s early users includes:

• CJ Oordt, Sales Director at Coalesce: Described it as a “research assistant who knows every conversation and note”.

• Rob Janke, Director of Revenue Operations at QuickNode: Stated that Von “solved this gap before we could even start building it ourselves”.

• Sydney, Head of Renewals at 15Five: Highlighted its impact on renewal intelligence, allowing her to analyze actual conversation signals across an entire book of business in minutes.

The prevailing sentiment among these users is that Von serves as “additional headcount” rather than just a tool. This mirrors the company’s internal metrics, which report that Von is already completing over 10,000 revenue tasks per week for its customer base.

An autonomous revenue org

The introduction of Von signals a maturing of AI in the enterprise. We are moving past the era of “AI as a feature”—where a chatbot is simply bolted onto an existing CRM—toward “AI as a persona”.

By training foundational models on a company’s specific business logic, Von is attempting to create a system that doesn’t just return data but offers “judgment calls”.As organizations look toward the rest of 2026, the challenge for RevOps leaders will be one of trust and infrastructure.

If Von can maintain its claimed 95% accuracy in predicting deal outcomes, the role of the human salesperson will inevitably shift toward higher-value relationship management, leaving the “data science” of sales to the agents.

For now, Von remains a high-growth experiment in whether the “intelligence layer” can finally bring the same level of revolutionary workflow to the people who sell as it has to the people who build.

Privacy tools are usually locked behind a monthly subscription, but Mozilla is changing that by baking protection directly into the browsing experience. With the latest update, Firefox has added an integrated VPN that allows you to hide your digital tracks without needing a separate app or a credit card. It’s a major shift for the browser, moving a feature that used to be a paid extra into the hands of every user by default.

Keep in mind that free VPNs can be dangerous. If they’re not from a trusted provider, they can put your data at risk or include vulnerabilities you wouldn’t find in some of the more popular paid VPN services. 

In its post about the Firefox 149 updates, Mozilla notes, “Free VPNs can sometimes mean sketchy arrangements that end up compromising your privacy, but ours is built from our data principles and commitment to be the world’s most trusted browser.” 

In CNET’s tests, among VPN services that offer a free tier, the best free plan on the market is Proton VPN’s free service. (It’s the only free VPN CNET currently recommends.) But the free Proton VPN service is missing some features found in the company’s premium plan, such as the ability to choose a server manually or connect multiple devices at the same time. 

For limited or casual use

Mozilla’s overall VPN technology has undergone independent audits from Cure53, has resolved security issues over its history and uses WireGuard, which gives it a good security foundation. 

The browser-based free version may give the impression that it offers the same level of overall protection as a stand-alone VPN. However, it only protects web traffic viewed through the Firefox browser.

“The fundamental limitation is scope,” said Jacob Kalvo, a cybersecurity expert and CEO of Live Proxies, which provides technical services to businesses and individuals. “[The free Firefox VPN] only protects browser traffic, not apps, system processes or other network activity. That creates a false sense of ‘full protection’ for less technical users.”

That could make it a useful feature for casual use while browsing the web for those who don’t already have a VPN service. And Kalvo says the 50GB data limit is generous for a browser-based VPN.

But, he said, for anything involving “sensitive data, competitive intelligence, or large-scale operations,” he doesn’t recommend it.

“This is a controlled, limited-use product rather than a full privacy solution,” Kalvo said.

On Tuesday, the nonprofit Consumer Federation of America filed a lawsuit against Meta, alleging that the way the social networking giant handles scammers on its platforms violates Washington, DC’s consumer protection laws.

While many online scams involve direct outreach to victims by scammers (who are often themselves human trafficking victims trapped in scam compounds), CFA’s lawsuit focuses on fraudulent advertising that CFA alleges Meta profited from and allowed to “proliferate on its platforms,” despite publicly promising that it takes cracking down on fraud and scams seriously.

In its complaint, CFA points to ads found in Meta’s ads library that CFA claims are types of well-known scams, including several that appear to target people by their birth year and tout $1,400 checks, as well as others that advertise free government iPhones.

Speaking with WIRED, Ben Winters, CFA’s director of AI and data privacy, says others can find more dubious ads just by searching Meta’s ad library using key words like “free phone” and “stimulus check.” WIRED’s quick perusal of the ads library on Monday shows more live ads for “secret tax checks” that lead to a website that promises to reveal “Wall Street’s recession-proof investing strategy.”

Meta did not immediately respond to a request for comment.

CFA is seeking to recover damages and what it says are illegal profits from Meta, in addition to business reforms. Winters says that there’s more to be done to take down repeat violators and scrutinize ads that promise things like free government programs that don’t exist before they’re put in front of consumers.

Meta has faced particular scrutiny because Facebook, Instagram, and WhatsApp—which are all owned by Meta—are among the most widely used online platforms by Americans, according to a recent Pew Research Center report. In late 2025, Reuters reported on a set of internal Meta documents that detailed how the company dealt with fraudulent and prohibited user activity, including a May 2025 presentation that estimated that its platforms were involved with a third of all successful scams in the US. Another presentation cited by Reuters alleged that an internal Meta review found it “is easier to advertise scams on Meta platforms than Google.”

One Meta document from 2024 that Reuters cited estimated that the company would earn 10.1 percent of its revenue that year—around $16 billion—from ads that were actually scams or other types of prohibited content. To put that figure in perspective, the FBI estimated that in 2024, Americans lost $16 billion from all internet crimes. At the time, a Meta spokesperson called the estimate “rough and overly inclusive” and said that the set of documents Reuters reported on “distorts Meta’s approach to fraud and scams” and that the actual revenue was lower, but declined to tell Reuters by how much.

In June 2025, a bipartisan coalition of state attorneys general urged Meta to crack down on Facebook ads that led consumers to WhatsApp groups that were used for carrying out investment scams. The letter, which was signed by New York AG Letiticia James, said that Meta’s solutions were not working and that investigators in New York kept seeing scam advertisements months after submitting reports to Meta.

Since then, the US Virgin Islands attorney general’s office filed a lawsuit against Meta that, among other things, alleged that the company not only failed to crack down on scam advertising but charged advertisers higher rates to run ads flagged as likely to be fraudulent. That lawsuit is ongoing.

Though the federal government and many states have similar consumer protection laws as the DC law that CFA alleges Meta violated, Winters says he’s not holding his breath for the federal government to take action, and while he appreciates the work of state attorneys general, he believes consumers need relief now.

“We appreciate their work and think it’s absolutely critical, but we can’t wait for them to act when we haven’t seen them able to act as quickly as we need to,” Winters says. “This is why nonprofits and civil society exist in the idealized world, right? To fill in gaps where there are gaps.”

After its recent launch, Honor of Kings is now doubling down on the market with a two-pronged strategy. First, build a creator ecosystem, then strengthen its esports pathway. For this, the game has announced the rollout of HOK Studio, alongside the King’s Arise India: KWC at EWC26 Qualifier. Here’s everything you need to know.

HOK Studio to Boost Creator Ecosystem

At the center of this push is HOK Studio, the game’s official creator platform designed to support content creators across formats. This includes short videos, livestreams, tutorials, esports coverage, and more. As part of its initial phase in India, HOK Studio will introduce a Content Creator Incentive Program with rewards exceeding ₹1 crore (₹10 million). Creators can also get access to in-game tokens, exclusive rewards, official promotional support, and even early access to new content.

Dean Huang, the game’s producer, said:

India is a key market for Honor of Kings, and our focus is on building a strong, localised ecosystem that goes beyond gameplay. With HOK Studio, we are committed to developing a program worth an initial ₹10 million, to empower creators who play a critical role in shaping how the game is experienced and shared. At the same time, through initiatives like the KWC at EWC26 Qualifier, we are creating opportunities for Indian players to compete at the highest global level. Together, these efforts reflect our long-term commitment to growing both the creator and competitive ecosystems in India.

EWC Qualifier

Alongside creators, the game is also focusing heavily on competitive play. The King’s Arise India: KWC at EWC26 Qualifier will act as a structured pathway for Indian teams to reach the global stage. Registration for the tournament will run from April 19 to April 26, followed by open qualifiers, playoffs, and offline finals on May 17. The tournament features a prize pool of ₹5 lakh and will eventually select two teams to represent India at the global KWC event, where the total prize pool stands at $3 million.

The competition will follow global formats like Global Ban & Pick, which prevents teams from reusing heroes across matches, and a Bo7 Grand Final with an “Ultimate Battle” tiebreaker. These formats are designed to test strategy, adaptability, and team coordination at the highest level.

Google announced today that it is upgrading the Gemini for Home service with a “continued conversations” feature. Continued conversation allows a user to have a natural discussion with the Gemini platform without prefacing every follow-up request with the “Hey Google” prompt. The microphone will remain active on a smart device for a few seconds after the Gemini AI assistant provides its reply. During that window, the lights on the hardware will pulse or glow, indicating that you can keep chatting normally with the chatbot without needing a wake word. Gemini should retain the context as the conversation progresses, which should allow it to provide the desired information faster without the need for a user to repeat key details.

The feature is rolling out today for all Gemini for Home voice assistant languages and in all supported regions. Continued conversations have to be manually enabled in the Google Home app through the settings menu under “Gemini for Home voice assistant.” Google said that Gemini should be able to distinguish between follow-up questions addressed to the chatbot and other conversations happening in a room, but it should be interesting to track how successful that is given the past history of voice assistants unintentionally eavesdropping.

Continued conversation was an option under the Google Assistant platform, but it had more limited availability. Google has been preparing Gemini for Home as a replacement for Google Assistant platform since the fall.